Ransomware Group: SAFEPAY

VICTIM NAME: naxis[.]net

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the SAFEPAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak pertains to the victim domain naxis.net, which operates within the technology sector. The compromise was publicly disclosed on July 22, 2025, indicating a recent cybersecurity incident. The threat actors belong to the group identified as “safepay,” and their activities have targeted the victim’s infrastructure. The leak page includes a screenshot, which appears to depict internal data or system information, although specific details are not provided here. No personal or employee data has been publicly exposed according to available information. The attackers claim responsibility and have provided a link to their claim on the dark web, but no additional victim-specific information has been released to the public. The incident appears to involve data exfiltration and possibly other malicious activities related to targeted cyber operations. The page’s content suggests an organized effort to leak stolen data or system details, potentially including confidential information pertaining to the victim’s organization or operations. Currently, no information about user or third-party involvement has been disclosed.

The leak page features a screenshot that may include internal documents or system screenshots, providing the threat actors’ evidence of their access. The detailed technical or sensitive elements of the leak are not fully described here, but the leak’s existence indicates ongoing malicious activity linked to the recent attack. The victim’s geographic location is Singapore, placing the incident within Southeast Asia. The group responsible, “safepay,” appears to be active in this region, with targeted operations likely aimed at extracting and publicly releasing organizational data. No personally identifiable information (PII) or explicit details about other affected parties are publicly available from the leak. The incident reflects broader concerns about data security and cyber threat evolution in the technology sector, emphasizing the importance of robust cybersecurity measures to prevent such incidents in the future.